How RPSC Bridges the Gap Between Privacy, Regulation and Programmability in Decentralised Finance

Study conducted by Prof. Allen Man Ho AU and his research team

Smart contracts have become the backbone of decentralised finance, enabling automated transactions and the development of complex applications on blockchain platforms. Their capacity to execute code autonomously, without intermediaries, has transformed the way digital assets are exchanged, votes are cast and agreements are enforced. As the technological foundation of Web 3.0, smart contracts are increasingly relied upon to facilitate a wide range of financial and governance activities.

However, the transparency that makes blockchain technology so powerful also introduces significant privacy challenges. Every transaction and contract execution is recorded on a public ledger, exposing user data and transaction details to anyone who can read the chain. This openness, while beneficial for auditability and accountability, is detrimental to user privacy and data confidentiality.

The tension between privacy and regulation has emerged as a central issue in blockchain research. Early privacy-preserving solutions, such as Zerocash and Hawk, leveraged advanced cryptographic techniques to hide transaction contents and user identities. These approaches, while effective in protecting privacy, often lacked the flexibility to selectively reveal private data when required for regulatory compliance or dispute resolution. Furthermore, most of these schemes were designed for UTXO-based blockchains (Note 1), such as Bitcoin, which operate on a fundamentally different model from account-based platforms like Ethereum.

Ethereum, with its account-based structure, has become the dominant platform for smart contracts, hosting the majority of decentralised applications and managing billions in transaction value annually. Yet, the absence of robust privacy solutions tailored to account-based blockchains has left a critical gap in the ecosystem.

Writing in IEEE Transactions on Network Science and Engineering [1], a research team led by Prof. Allen Man Ho AU, Associate Head (Research and Development) and Professor of the Department of Computing at The Hong Kong Polytechnic University, has introduced the Regulatable Privacy-Preserving Smart Contracts (RPSC) system, a framework that combines fine-grained privacy controls, regulatory traceability and full compatibility with account-based blockchains to address the problems above.

Figure 1. The system model of the RPSC system.

The design of RPSC is rooted in a sophisticated system model that brings together three principal entities: users, regulators and the blockchain itself (Figure 1). Users are the primary participants, each equipped with a unique public-private key pair. Their public keys serve as identifiers within the system, while private keys enable the generation of privacy-preserving transactions. Depending on the application context, users may assume specialised roles, such as voters in an electronic voting system or bidders in an auction. Regulators, typically government agencies or designated authorities, are granted the ability to view private data and trace transactions when necessary, using their own cryptographic key pairs. Importantly, regulators are restricted to observational and investigative functions. They cannot alter data on the blockchain. The blockchain, in turn, acts as a transparent, append-only ledger, hosting smart contracts that execute autonomously upon user interaction.


Figure 2. The multi-layer record commitment structure in RPSC.

Central to the RPSC system is a multi-layer record commitment structure (Figure 2), which enables fine-grained privacy protection and flexible data state transitions. Building upon the record structure of ZEXE (Note 2), RPSC extends the idea to represent both public and private data within smart contracts. Each record comprises a public key, data and a serial number seed, and is committed to in several layers: one commitment to the owner's public key (cm_pk), one to the data itself (cm_data), one to the serial number seed (cm_seed) and an outer commitment to the whole record (cm), which is the value recorded on chain. Because each layer has its own commitment and its own randomness, a user can open a single layer, replacing that commitment with the actual value and its opening, while the other layers stay hidden. For instance, in a dispute or a regulatory investigation, a user can reveal the data of one record without disclosing the owner key or the seed, and without touching unrelated records.
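The layered commitment and a single-layer opening, as an added example rather than the paper's code. The commitment scheme is a stand-in (SHA-256 over a domain label, the value and 32 random bytes), and the names Record, Opening, commit_record, disclose_data and verify_disclosure are this example's own; RPSC's actual commitment scheme and zk-SNARK circuits are not reproduced.

```python
# Added example (not the paper's code): a multi-layer record commitment in
# the style of RPSC's (pk, data, seed) records, with selective disclosure of
# one layer. The commitment scheme is a stand-in: SHA-256 over a domain
# label, the value and 32 random bytes, which is hiding (the randomness is
# secret) and binding (collision resistance). RPSC's own commitment scheme
# and its zk-SNARK circuits are not reproduced.
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def commit(label: bytes, value: bytes, r: bytes) -> bytes:
    """Com(value; r), domain-separated so that layers cannot be confused."""
    return hashlib.sha256(label + b"|" + value + b"|" + r).digest()


@dataclass
class Record:
    pk: bytes    # owner's public key, the user's identifier in RPSC
    data: bytes  # application data: a bid, a vote, a balance, ...
    seed: bytes  # serial number seed, later fed to the PRF with the owner's sk


@dataclass
class Opening:
    """Per-layer randomness, kept by the owner and never put on chain."""
    r_pk: bytes
    r_data: bytes
    r_seed: bytes
    r_cm: bytes


@dataclass
class Commitments:
    cm_pk: bytes
    cm_data: bytes
    cm_seed: bytes
    cm: bytes    # the outer commitment; this is the value stored on chain


def commit_record(rec: Record):
    """Commit to each layer, then to the three layer commitments together."""
    op = Opening(*(secrets.token_bytes(32) for _ in range(4)))
    cm_pk = commit(b"pk", rec.pk, op.r_pk)
    cm_data = commit(b"data", rec.data, op.r_data)
    cm_seed = commit(b"seed", rec.seed, op.r_seed)
    cm = commit(b"rec", cm_pk + cm_data + cm_seed, op.r_cm)
    return Commitments(cm_pk, cm_data, cm_seed, cm), op


def disclose_data(rec: Record, cms: Commitments, op: Opening) -> dict:
    """Open only the data layer: the value and its randomness, plus the
    sibling commitments and the outer randomness needed to re-derive cm.
    pk and seed (and their randomness) stay hidden."""
    return {"data": rec.data, "r_data": op.r_data,
            "cm_pk": cms.cm_pk, "cm_seed": cms.cm_seed, "r_cm": op.r_cm}


def verify_disclosure(onchain_cm: bytes, d: dict) -> bool:
    """A regulator or auditor checks the opening against the on-chain cm."""
    cm_data = commit(b"data", d["data"], d["r_data"])
    cm = commit(b"rec", d["cm_pk"] + cm_data + d["cm_seed"], d["r_cm"])
    return hmac.compare_digest(cm, onchain_cm)


if __name__ == "__main__":
    # Constructed sample record; the disclosure carries no pk and no seed.
    rec = Record(b"pk-alice", b"bid=42", b"seed-7")
    cms, op = commit_record(rec)
    print(verify_disclosure(cms.cm, disclose_data(rec, cms, op)))
```

The binding property is what makes the disclosure useful in a dispute: changing the revealed data to a different value fails verification against the on-chain cm, while fresh randomness on every commitment keeps two records with identical contents unlinkable.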

 

Figure 3. Construction of a transaction Tx_i.

The construction of a transaction within RPSC is both rigorous and flexible. Each transaction consumes existing records and generates new ones, with the process governed by cryptographic protocols that ensure privacy and correctness. As shown in Figure 3, a transaction includes the serial number of the consumed record, the commitments of the new record and a zero-knowledge proof (Note 3) attesting to the validity of the transaction. The commitments form a Merkle tree within the smart contract, which allows efficient zero-knowledge proofs that a consumed record exists; the contract also records every serial number it sees and rejects a serial number that appears a second time, which prevents double consumption. The serial number itself is generated with a pseudorandom function (PRF) applied to the serial number seed under the owner's secret key: it is deterministic for the owner, so each record has exactly one serial number, yet nobody without the secret key can compute it or link it to the record's commitment.
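The on-chain bookkeeping just described, written out as an added example (not the paper's code): a Merkle tree over record commitments, a PRF-derived serial number and a spent-serial set that rejects double consumption. SHA-256 stands in for the hash and HMAC-SHA256 for the PRF, and the Merkle membership proof is checked in the clear here, whereas RPSC verifies it inside a zk-SNARK so that the consumed record is never identified; the class and function names are this example's own.

```python
# Added example (not the paper's code): the bookkeeping around a transaction
# Tx_i, with a Merkle tree over record commitments, a serial number derived
# by a PRF from (owner secret key, seed) and a set of spent serial numbers
# that rejects double consumption. Stand-ins: SHA-256 as the hash,
# HMAC-SHA256 as the PRF, and a Merkle membership proof checked in the clear
# where RPSC verifies it inside a zk-SNARK.
import hashlib
import hmac


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def serial_number(sk: bytes, seed: bytes) -> bytes:
    """sn = PRF_sk(seed): deterministic for the owner, infeasible without sk."""
    return hmac.new(sk, b"sn|" + seed, hashlib.sha256).digest()


class MerkleTree:
    """Binary hash tree over the commitment list; an odd level duplicates its
    last node so that every node has a sibling."""

    def __init__(self, leaves):
        self.levels = [list(leaves)]
        while len(self.levels[-1]) > 1:
            lvl = self._padded(self.levels[-1])
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])

    @staticmethod
    def _padded(lvl):
        return lvl + [lvl[-1]] if len(lvl) % 2 else lvl

    @property
    def root(self) -> bytes:
        return self.levels[-1][0]

    def proof(self, index: int):
        """Sibling path from leaf `index` to the root: (sibling, sibling_is_right)."""
        path = []
        for lvl in self.levels[:-1]:
            lvl = self._padded(lvl)
            path.append((lvl[index ^ 1], index % 2 == 0))
            index //= 2
        return path

    @staticmethod
    def verify(root: bytes, leaf: bytes, path) -> bool:
        node = leaf
        for sibling, sibling_is_right in path:
            node = H(node, sibling) if sibling_is_right else H(sibling, node)
        return node == root


class VerificationContract:
    """Model of the on-chain state RPSC's contract keeps: the appended
    commitments (leaves of the tree) and the serial numbers already seen."""

    def __init__(self):
        self.commitments = []
        self.spent = set()

    def add_record(self, cm: bytes) -> int:
        self.commitments.append(cm)
        return len(self.commitments) - 1

    def process_tx(self, tx: dict) -> bool:
        if not self.commitments:
            return False                      # nothing can be consumed yet
        old_cm, path, claimed_root = tx["proof"]
        if claimed_root != MerkleTree(self.commitments).root:
            return False                      # proof is against a stale state
        if not MerkleTree.verify(claimed_root, old_cm, path):
            return False                      # consumed record does not exist
        if tx["sn"] in self.spent:
            return False                      # double consumption
        self.spent.add(tx["sn"])
        self.add_record(tx["new_cm"])
        return True


def build_tx(sk: bytes, seed: bytes, old_cm: bytes, index: int,
             contract: VerificationContract, new_cm: bytes) -> dict:
    """User side: derive sn for the consumed record and prove it is in the tree.
    Here old_cm and its index are exposed in the proof; in RPSC they are
    private inputs to the zk-SNARK and only sn and the new cm become public."""
    tree = MerkleTree(contract.commitments)
    return {"sn": serial_number(sk, seed), "new_cm": new_cm,
            "proof": (old_cm, tree.proof(index), tree.root)}
```

Two properties are worth checking on this model: a second transaction over the same record produces the same serial number and is rejected, and a proof whose leaf is not at the claimed position fails even though every commitment in it is genuine.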
 

Figure 4. Overview of transaction regulation.

To meet the regulatory traceability requirement, RPSC integrates public-key encryption with zero-knowledge proofs, specifically zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) (Figure 4). Users encrypt transaction details under the regulator's public key, so that only the regulator can decrypt and read the sensitive information. Zero-knowledge proofs are employed to verify the correctness of transactions without revealing the underlying data, thereby maintaining both confidentiality and integrity. The RPSC system is built from the following primitives: commitment schemes for binding and hiding data, zk-SNARKs for privacy-preserving verification, pseudorandom functions for generating unlinkable serial numbers, and symmetric and public-key encryption for confidential data transmission. The smart contract itself is responsible for verifying zero-knowledge proofs and recording user registrations, ensuring that only valid transactions are appended to the blockchain.

Transaction regulation in RPSC is achieved through a two-layer encryption mechanism. When a user initiates a transaction, a copy of the private transaction data is encrypted under the regulator's public key, so that the regulator, and only the regulator, can decrypt it for oversight. The smart contract then checks, by verifying a zk-SNARK proof, that this ciphertext is a correct encryption of the same data the transaction commits to, without the data itself ever appearing on chain. This design provides regulatory traceability while preserving user privacy, striking a balance between accountability and confidentiality.
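The two encryption layers, as an added example that is not the authors' code: a fresh symmetric key encrypts the private transaction data, and that key is derived from an ephemeral Diffie-Hellman exchange with the regulator's public key, so only the regulator's private key recovers it. The choice of secp256k1 (Ethereum's account curve), the HMAC-based stream cipher and tag standing in for a real AEAD, and the function names are all this example's assumptions; the zk-SNARK with which the contract checks that the ciphertext matches the committed data is the part not reproduced here.

```python
# Added example (not the paper's code): hybrid encryption to the regulator's
# public key using only the Python standard library. Layer 1 (symmetric): an
# HMAC-SHA256 counter-mode keystream plus an encrypt-then-MAC tag, a toy AEAD
# standing in for a real cipher. Layer 2 (public-key): the symmetric keys are
# derived from an ephemeral ECDH secret on secp256k1 with the regulator's key.
# The zk-SNARK proving the ciphertext matches the committed data is omitted.
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (assumption: the curve Ethereum accounts use)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt) -> bool:
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k: int, pt):
    r = None
    while k:
        if k & 1:
            r = ec_add(r, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return r


def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, ec_mul(sk, G)


def kdf(shared, epub):
    """Encryption and MAC keys from the ECDH x-coordinate and the ephemeral key."""
    mat = shared[0].to_bytes(32, "big") + epub[0].to_bytes(32, "big")
    return (hashlib.sha256(b"enc|" + mat).digest(),
            hashlib.sha256(b"mac|" + mat).digest())


def keystream(key: bytes, n: int) -> bytes:
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]


def encrypt_for_regulator(reg_pub, plaintext: bytes) -> dict:
    """What a user attaches to a transaction: ciphertext the regulator alone can open."""
    esk, epub = keygen()                      # fresh ephemeral key per transaction
    k_enc, k_mac = kdf(ec_mul(esk, reg_pub), epub)
    ct = bytes(p ^ s for p, s in zip(plaintext, keystream(k_enc, len(plaintext))))
    tag = hmac.new(k_mac, ct, hashlib.sha256).digest()
    return {"epub": epub, "ct": ct, "tag": tag}


def decrypt_as_regulator(reg_sk: int, box: dict):
    """Returns the plaintext, or None if the key is wrong or the box was tampered with."""
    if box["epub"] is None or not on_curve(box["epub"]):
        return None                           # reject invalid ephemeral points
    k_enc, k_mac = kdf(ec_mul(reg_sk, box["epub"]), box["epub"])
    expected = hmac.new(k_mac, box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, box["tag"]):
        return None
    return bytes(c ^ s for c, s in zip(box["ct"], keystream(k_enc, len(box["ct"]))))
```

Note what the public ledger would see from this: the ephemeral public key, the ciphertext and the tag, none of which reveals the plaintext or identifies the sender; the link between this ciphertext and the transaction's commitments is exactly what RPSC's zk-SNARK proof has to establish, since the contract cannot decrypt.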

 

The security of RPSC rests on four core requirements: on-chain privacy, off-chain soundness, data record unlinkability and regulatory traceability.

On-chain privacy is maintained by ensuring that transaction details and user identities remain confidential, accessible only to regulators with the appropriate cryptographic keys. Merkle trees, commitment protocols and zero-knowledge proofs prevent adversaries from inferring sensitive data. Off-chain soundness is achieved through cryptographically secure computations and zero-knowledge proofs, which prevent tampering or forgery of transaction data. Data record unlinkability is ensured by recording only committed values on-chain and using pseudorandom functions for serial number generation, making it infeasible to link records across transactions. Regulatory traceability allows regulators to decrypt transaction details and trace data lineage, ensuring accountability without compromising user privacy.

Table 1. Performance comparison of Hawk, zkay and RPSC for the finalisation in auction scenarios with 10 and 50 bidders.

To assess RPSC's practical viability, the system was implemented on an Ethereum-compatible blockchain and benchmarked against Hawk and zkay. In an e-voting scenario with 10 participants, zk-SNARK proof generation for the counting phase took approximately 587 seconds. For auction applications, increasing the number of bidders from 10 to 50 led to a proportional rise in proof generation time and memory use. Detailed figures are given in Table 1.

Table 2. Execution gas cost in verification contract for different phases with 10 participants.

Despite these off-chain costs, on-chain operations remained cheap. As shown in Table 2, registering auction participants consumed 279,959 gas, verifying bids 356,260 gas and verifying the finalisation proof 426,695 gas. In e-voting, vote verification cost 947,495 gas and result verification 755,749 gas. Compared with Hawk and zkay, RPSC incurs a modest increase in proof generation time and verification key size because of its additional regulatory features, but its on-chain verification time is comparable, which makes it practical for real-world, privacy-sensitive applications.

In conclusion, the RPSC system represents a significant advancement in the design of privacy-preserving smart contracts for account-based blockchains. By combining multi-layer commitments, zero-knowledge proofs and regulatory traceability, RPSC offers a balanced solution that addresses the needs of privacy, programmability and accountability in decentralised applications. The system’s ability to reconcile the demands of privacy and regulation, without sacrificing efficiency or programmability, marks a new paradigm in the development of smart contracts and decentralised applications.

Prof. Au has been recognised by Stanford University as one of the top 2% most-cited scientists worldwide (career-long) in the field of information and communication technologies for four consecutive years, from 2022 to 2025, and one of the top 2% most-cited scientists worldwide (single-year) for six consecutive years, from 2020 to 2025. He is the recipient of the Hong Kong Engineering Science and Technology (HKEST) Award 2024-25 and the Bank of China (Hong Kong) Limited (BOCHK) Science and Technology Innovation Prize (STIP) in the field of FinTech in 2023. Prof. Au is an elected member of The Hong Kong Academy of Engineering (HKAE)'s Young Member Section, an expert member of the China delegation of ISO/IEC JTC 1/SC 27 working group 2–Cryptography and security mechanisms and a committee member of the Hong Kong Blockchain Society R&D division. In the past five years, he has attracted over HKD30M in research and high-level consultancy projects. His research teams also won USD550,000 at ZPRIZE organised by the Web3 community in 2023 and USD250,000 in 2024.

Notes
  1. A UTXO (Unspent Transaction Output)-based blockchain, such as Bitcoin, tracks coins as unspent transaction outputs: each transaction consumes existing outputs and creates new ones. An account-based blockchain, such as Ethereum, keeps a balance for each account and updates balances directly with each transaction. The UTXO model is easier to make private and to trace at the level of individual outputs, while account-based systems are more flexible for smart contracts and complex applications.

  2. ZEXE (Zero-Knowledge EXEcution) is a ledger-based system for private computation in which state is held in records that transactions consume and create, a UTXO-style data model rather than an account-based one; RPSC adapts its record structure to account-based smart contracts.

  3. A zero-knowledge proof is a cryptographic protocol that allows a prover to convince a verifier that a statement is true without revealing anything beyond the truth of the statement.

References

[1] Jiang, Z. L., Xie, M., Chen, H., Pan, Y., Lyu, J. & Au, M. H. (2024) RPSC: Regulatable Privacy-Preserving Smart Contracts on Account-Based Blockchain, IEEE Transactions on Network Science and Engineering, vol. 11, no. 5, pp. 4822-4835, Sept.-Oct. 2024, doi: 10.1109/TNSE.2024.3421539.


Prof. Allen Man Ho AU
Associate Head (Research and Development) and Professor, 
Department of Computing

Director, The Research Centre for Blockchain Technology